Chapter 7
Two weeks seemed to melt away in the blink of an eye. Henry hunched his shoulders and got down to the serious grind of his workout routine while the early morning sky was still wrapped in the soft, dim glow of the night. The rhythmic puffs of his breath were distinct against the fresh, cool air of the dawn. He had devoted two whole weeks of untiring, repetitive effort, pulling out all the stops, to getting into shape. Push-ups, squats, running, snatches, and a mixture of a few other important workouts had found a place in his daily routine.
The improvement he had achieved might not have been dramatic, but it was noticeable to him in many ways: his muscles felt a great deal firmer than they previously had, his body was a bit more resilient, and he was definitely able to go longer without getting tired. His tiring and exhausting schedule notwithstanding, the structure and discipline he had set for himself left him feeling more in control of himself and his decisions.
Physical training was not the only thing he had achieved in those two weeks; a number of other very critical things had also been accomplished.
His content had hit YouTube and beaten his fairly low expectations: 1.2k views on the main promotional video was quite impressive for a guy running a new channel in the jungle that is YouTube. Meanwhile, the shorts were doing even better, with view counts ranging from 1k all the way to 5k. Together, these videos brought a serious flow of traffic into his Discord server, which now proudly boasted over 600 real members who were quite active around the content.
Most were currently on the free trial version of his cheats, a plan Henry had devised to win the confidence of his audience as well as of the potential buyers who would eventually purchase a product from him. It seemed to be working out rather well. In fact, within the first week of the program, six members opted to buy the full version, bringing him a promising $205 in sales revenue.
"When the free trials expire," Henry mused, "that is when the serious sales will surely begin rolling in."
For most of the signed-up users, the free trial was going to expire very shortly. For a select few it had already expired, while the newer community members were just about to start theirs. To counter the possibility of abuse, Henry had already built a hardware ID check into the software. The measure was designed to make sure users could not simply create a new Discord account and request a fresh trial key for the same device once their trial period had expired.
Even with all precautions in place, Henry soon found a rather glaring and disturbing trend: many people were out to game the system entirely. A raft of reports began pouring in from the software, which dutifully notified him every time anybody tried to use a new trial key on the same hardware ID. These users would create different Discord accounts, rejoin the server, and try to claim new trial keys by unauthorized means.
Henry had anticipated this all along and was ready for whatever was thrown his way. The software he used to trace these suspicious attempts also successfully linked several accounts with their respective original hardware IDs. With this crucial information in hand, Henry conducted an operation he would refer to as "The Purge."
Linking the flagged hardware IDs with the Discord accounts connected to them revealed more than 400 deceitful members within the community. In one smooth, confident gesture, Henry unleashed his pent-up power and banned the deceitful accounts once and for all.
With the in-software reporting and linking capabilities, most of the process was automated. He needed only to confirm the bans the scripts automatically placed on the offending accounts. He did this with a certain grim satisfaction. When it was finally over, the bloated mess of hundreds upon hundreds of fake accounts was gone, leaving the server spotless and well-organized, with a much more organic feel of community.
After returning from his intense workout, Henry took a shower to cool off before checking on his Discord server. He signed in, and nothing much seemed to be going on at that moment other than a number of casual discussions among the members of the community, most of them speaking highly of the cheats or sharing their experiences of the free trial.
However, flipping to his email account, he came across something much more exciting:
Subject: Bounty Award Notification
Dear Henry,
Thank you for submitting your recent report regarding a Cross-Site Scripting (XSS) vulnerability. After careful evaluation, the affected program has validated your findings and classified the issue as Critical Risk due to its potential impact.
We are excited to inform you that your report has been accepted and resolved by the program. You are now eligible to receive a bounty of $17,000 USD as recognition for your valuable contribution to improving security.
Summary of Report
Issue: Cross-Site Scripting (XSS)
Severity: Critical Risk
Affected Program: PayPal
Bounty Awarded: $17,000 USD
This amount will be processed and transferred to your preferred payment method within the next 7-14 business days.
We appreciate your dedication to ethical hacking and your continued efforts in helping secure the digital landscape. If you have any questions regarding this bounty or future opportunities, please don't hesitate to reach out.
Warm regards,
The HackerOne Team
With his heart racing in excitement and anticipation, Henry sat there and read through the email that had just come up on his screen. He could hardly believe his eyes: the report validation had come much quicker than he had estimated. While a bounty review would normally take several weeks, if not months, to get through, this time the experience was nothing short of amazing and quite unanticipated.
The secret of his success lay in sheer, Herculean thoroughness: he had applied a portion of the advanced knowledge from the all-around Game Hacking 101 skill in his system to search out and ingeniously highlight a critical XSS vulnerability present on PayPal's platform. Critical indeed, because any attacker able to successfully exploit it could steal sensitive information about any user or go on to perform unauthorized activity in the name of an affected user.
His report was extremely detailed, showing how much he cared about every part of it. He did not merely summarize the problem; rather, he took pains to describe the root cause behind it, gave completely detailed replication steps so the results could be verified, and provided a working script that could actually exploit the identified vulnerability. Beyond this huge effort, he actively proposed possible solutions to the problem, including all the relevant code snippets to walk the developers at PayPal through the implementation process.
"This is just the beginning," he whispered softly, a great smile spreading all over his face to reflect his excitement about what was next.
With his game-hacking business blossoming at a rapid rate and the completely unforeseen windfall which had come his way through HackerOne, Henry was as confident as ever. A small laugh escaped his lips, one he just couldn't hold in, and his voice was tinged with the delicious mix of excitement and an ambitious drive for what was to come.
Even as Henry took the time to celebrate these early victories and accomplishments, he knew full well that this was but the beginning of everything yet to unfold.